China’s “Largest Ever” Cyber Attack Shows The Threat Continues


The news this week that China has been hit by its “biggest ever” cyber attack has been reported across the global media, highlighting how the distributed denial of service (DDoS) attack was said to have targeted servers responsible for sites with a .cn domain name.

The reality is that this type of attack isn’t particularly new, clever or innovative. Volumetric DDoS attacks will continue to take place and make the news, and businesses have a responsibility to protect themselves from this type of attack in future.

It’s also important to remember that a DDoS attack is often just a smoke screen for a more sophisticated attack that can potentially cost the company even more money. The problem here is to find the needle in the haystack. How does your security infrastructure cope with the influx of traffic during a DDoS attack? More importantly, can it find things like SQL injection attacks in the storm of traffic?
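To make the needle-in-the-haystack problem concrete, here is an added example (not from the original article) that triages a constructed web access log: it identifies the flood sources by request volume and separately surfaces injection-like requests from sources that are not part of the flood. The log lines, addresses, threshold and the small pattern set are all assumptions chosen for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Combined-log-style prefix: source IP, timestamp, request line, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<uri>\S+) [^"]*" \d{3}')

# Deliberately small heuristic set for illustration; a production WAF rule set is far broader.
SQLI_RE = re.compile(
    r"\bunion\b.{1,40}\bselect\b|\bor\b\s+\d+\s*=\s*\d+|'\s*(?:or|and)\b|;\s*drop\s+table\b",
    re.IGNORECASE,
)

def build_sample():
    """Constructed log: 400 flood requests from 4 sources, with 2 other requests buried inside."""
    flood = [
        f'198.51.100.{i % 4} - - [01/Jan/2024:02:00:{i % 60:02d} +0000] "GET / HTTP/1.1" 200'
        for i in range(400)
    ]
    needle = '203.0.113.9 - - [01/Jan/2024:02:00:31 +0000] "GET /item?id=1%27%20OR%201%3D1--%20 HTTP/1.1" 200'
    benign = '192.0.2.10 - - [01/Jan/2024:02:00:32 +0000] "GET /search?q=union+jobs HTTP/1.1" 200'
    return flood[:200] + [needle, benign] + flood[200:]

def triage(lines, flood_threshold=50):
    """Return (flood sources, injection-like requests that did not come from flood sources)."""
    per_ip = Counter()
    suspects = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable lines are skipped, not treated as clean
        per_ip[m["ip"]] += 1
        uri = unquote_plus(m["uri"])  # decode %27, %20 and + before matching
        if SQLI_RE.search(uri):
            suspects.append((m["ip"], uri))
    flooders = {ip for ip, n in per_ip.items() if n >= flood_threshold}
    quiet = [s for s in suspects if s[0] not in flooders]
    return flooders, quiet

if __name__ == "__main__":
    flooders, quiet = triage(build_sample())
    print(f"{len(flooders)} flood sources")
    for ip, uri in quiet:
        print(f"review: {ip} {uri}")
```

The point of the split is that volume-based filtering alone would discard or ignore the single low-rate request, so the application-layer check has to run on every request regardless of how noisy the flood is.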

Recent news that the UK government is also looking to train army reserves to become cyber defence specialists is understandable, particularly in light of news that cyber attacks hit government departments around 1,000 times per hour.

Prime Minister David Cameron and other members of the government have spoken about the importance of improving the nation’s cyber defences. Foreign Secretary William Hague described it as one of the “great challenges of our time” and one which the UK must confront.

This is a lead that businesses can follow as well. By adding cyber specialists to their IT teams, businesses can improve their defences, helping them stop the types of attacks that can cause so much damage, both financially and in terms of reputation.

So what can businesses do to protect themselves in the light of such threats? I believe that a combination of on-premise equipment for detecting network-based DDoS attacks and attacks at the application level allows you to close the window for cyber criminals and stop attacks more efficiently at both the network and application layers.

The risk of being “DDoS attacked” has never been greater. DDoS attacks have become the de facto standard for online protests and they will continue to be used by hacktivists to make themselves heard, whether for political, ideological, financial or religious reasons. Our job is to ensure we continue to build the best solutions to prevent such attacks.

Joakim Sundberg

Joakim Sundberg is a 14-year veteran of the IT security business. He has held several senior and leading positions with some of the largest and most respected IT security companies in the world. He follows the trends and methods used over the last few years by organised cybercrime groups on the Internet. Today, Joakim is a Security Solution Architect at F5 Networks, focusing primarily on network security and DDoS prevention.

  • NNT_Mark_Kedgley

    News that China has been hit by its biggest ever cyber-attack has highlighted the very real and on-going threat of cybercrime worldwide and in this case the threat of distributed denial of service (DDoS) attacks.

    DDoS attacks can often hide a more sinister and more damaging attack – where the DDoS actually acts as a distraction – and for this reason organisations within both the private and public sector must ensure that their IT security infrastructure and processes are up to speed and fully prepared for an attack to strike at any time.

    Whether due to complacency or naivety, the vast majority of organisations have failed to adapt these security processes and procedures to reflect the changing threat landscape. Today’s attacks are carried out by groups, rather than individuals; and many are now designed to steal valuable data – and leave no trace. And these organisations are patient. This complacency must be addressed and organisations need to start embracing a higher level of best practice in security processes and procedures.

    Organisations need a completely infallible way of detecting the presence of malware if and when it does manage to bypass security defences. The back stop to traditional defences ideally needs to be a real time alert triggered by any change to file structure that might indicate compromise or the beginning of the slow move towards the central core of the business. File Integrity Monitoring (FIM) is proven to radically reduce the risk of security breaches by raising an alert related to any change in underlying, core file systems, to ensure there is no risk of stealth attacks.

    It is imperative that organisations safeguard their data – from customer records to intellectual property – against organisations with phenomenal reach and expertise, as well as a willingness to play the waiting game. The risks have changed. The threat is stealthy and targeted. Organisations in all sectors must be armed with the right defences to ensure that security is part of everyday business operations.

    Mark Kedgley, CTO, NNT